Solved

Modyfy code for admin

Posted on 2008-06-11
7
251 Views
Last Modified: 2012-08-14
Hello everyone,

I have a code that has been created that pulls username and sends it to the registry. I am looking at adding this to the login script of our company, the only issue is that you need to have admin rights to edit the registry.

Now we have 3 passwords here for the admin:

Username:     Administrator
Password:    Password1
Password:    Password2
Password:    Password3

Now is there a way to add this, and have an if statement for the passwords?


Thanks in advanced Experts...

-Lance
0
Comment
Question by:NTTldola
7 Comments
 

Author Comment

by:NTTldola
ID: 21764741
Sorry guys heres the code
Const HKLM = &H80000002

Dim objReg : Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

strKeyPath = "System\SHInfo"
 

UserID=WScript.CreateObject("WScript.Network").UserName

UserName=WScript.CreateObject("WScript.Network").UserName
 

oReg.SetStringValue HKLM,strKeyPath,"UserID",UserID

oReg.SetStringValue HKLM,strKeyPath,"UserName",UserName

 

Set oReg=Nothing

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 21764867
Do you have a list of devices?  And are these updates the same for all systems?

If so, you would simply loop through an arran and replace the period (.) in your GetObject statement to the computer name...run it from an admin console.

arrComputers="C:\ListOfPCs.txt"
For Each PC in arrComputers
Dim objReg : Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & PC & "\root\default:StdRegProv")

Not working code - but you get the idea...if that's an option, let me know and I can post the code for you...
0
 

Author Comment

by:NTTldola
ID: 21764902
No I don't have a list of devices, this will be placed into the login script which will then be run when the user logs in.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 67

Expert Comment

by:sirbounty
ID: 21764917
Hmm - your users won't have admin rights, so they won't be able to modify the hklm hive.
Perhaps another expert has an idea...I can't think of a 'safe' way to allow end users this access through a logon script...(unless you were able to use HKCU hive instead...?)
0
 
LVL 1

Expert Comment

by:davenport651
ID: 21773445
I thought login scripts ran as the System account not the user account.  A login script should be able to edit HKLM registry hive without granting a user any extra rights.  Have you created a test user with limited rights and deployed your script to that user to see if you get the desired effect?

Also, I don't understand what your goal is with the password lines.
0
 
LVL 29

Accepted Solution

by:
matrixnz earned 250 total points
ID: 21778963
DavenPort651
     Users = Login/Logoff Scripts - Runs using users Credentials
     Access to HKCU

     Computers = Startup/ShutDown Scripts - System Account Credentials
     Access to HKLM

NTTldola
You could use a AutoIT Script to do as you're suggested, using RunAs() however it's not secure, I mean you can't just read the password like in a batch or vb script because it's an executable but, if the users are bright enough they may be able to crack it.  AutoIT can be found here http://www.autoitscripts.com it's free to use as well.

The other method is to use a two shot method, i.e. in a startupscript use Regini to change permissions on the HKEY_LOCAL_MACHINE\System\SHInfo Key
more infor on Regini here - http://support.microsoft.com/kb/264584

Another method is to use SetACL found here - http://setacl.sourceforge.net/html/examples.html
although it's not as easy as Regini, you can modify a permission whereas with Regini the permissions are replaced not modified.

Hope that helps.

Cheers
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points
ID: 21782902
If this is on a an Active Directory LAN then use Group Policy to set permissions on those registry keys:

http://www.lockergnome.com/windows/2005/01/11/set-registry-permissions-using-group-policy/

Like it says apply this to the OU containing or above your computers (put them in an OU if needed), set the permissions then when the computers next refresh group policy they will get the registry permission change ready for the next logon.

Then the users will have access and your current script will work without any impersonation.

Steve
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
Background What I'm presenting in this article is the result of 2 conditions in my work area: We have a SQL Server production environment but no development or test environment; andWe have an MS Access front end using tables in SQL Server but we a…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now